By default, when Nginx starts receiving a response from a FastCGI backend (such as PHP-FPM), it buffers the response in memory before delivering it to the client. Any response larger than the configured buffer size is written to a temporary file on disk.
This behaviour is documented on the ngx_http_fastcgi_module manual page.
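As an added illustration (not part of the original gist), the directives that control this buffering in a PHP-FPM location block. The socket path and the buffer sizes are assumptions chosen for the example, not recommendations; the point is that the amount held in memory and whether anything is ever spilled to disk are both explicit settings:

```nginx
location ~ \.php$ {
    fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
    include fastcgi_params;

    # Buffering is on by default: the backend response is held by Nginx
    # before being sent to the client.
    fastcgi_buffering on;

    # First part of the response (typically the headers) goes into one
    # buffer of this size.
    fastcgi_buffer_size 16k;

    # The rest of the body is held in 8 buffers of 16k, i.e. up to 128k
    # in memory per request.
    fastcgi_buffers 8 16k;

    # Anything that does not fit in the buffers would normally be written
    # to a temporary file. A value of 0 disables temporary files entirely;
    # Nginx then passes the remainder to the client synchronously as
    # buffers free up, so response bodies never touch the disk.
    fastcgi_max_temp_file_size 0;

    # If temporary files are allowed instead, keep them on a dedicated,
    # permission-restricted path (assumed path shown):
    # fastcgi_temp_path /var/cache/nginx/fastcgi_temp 1 2;
}
```

Disabling temp files trades disk exposure of response bodies for a backend worker that stays busy until the client has drained the response; which trade-off is right depends on whether slow clients or on-disk copies of sensitive output are the bigger concern.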
```yaml
id: geoserver-wms-sld-xxe

info:
  name: GeoServer WMS SLD XXE Detection
  author: bolhasec
  severity: medium
  description: |
    Attempts to exploit an XXE vulnerability via a StyledLayerDescriptor (SLD)
    in a WMS GetMap POST request. A secure GeoServer instance should reject
    entity resolution and return an error like "Entity resolution disallowed for file".
```
```yaml
id: CVE-2023-46604
# original https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2023/CVE-2023-46604.yaml
# it doesn't work well with a list of targets, i.e.: nuclei -l ips-cabf861d-39b0-47ad-b949-c8230c998255.txt -t javascript/cves/2023/CVE-2023-46604.yaml -nh -vv -t 10
# sometimes, using -t 10 improves the results
# using -debug shows the responses

info:
  name: Apache ActiveMQ - Remote Code Execution
  author: Ice3man,Mzack9999,pdresearch
  severity: critical
```
Delete every template whose severity is `info` (the second `-exec` only runs when `grep -q` matches):

```bash
find nuclei-templates -type f -name "*.yaml" -exec grep -q "severity: info" {} \; -exec rm {} \;
```
# External Penetration Testing Cheatsheet

## 1. Reconnaissance

### Cloud Enumeration

```bash
# Cloud Infrastructure Discovery
./cloud_enum.py -k somecompany

# Third Party Misconfigurations
```
```yaml
agent: >
  You are an expert penetration tester tasked with performing an external penetration test on a specified target (e.g., IP address or domain). Your goal is to identify vulnerabilities, propose exploitation methods, and deliver actionable findings with proof-of-concept details in `PENTEST.md`.

  ## Instructions
  - Target external assets specified via {{ target }} (e.g., public IPs, domains).
  - Follow a systematic yet creative methodology: reconnaissance, scanning, exploitation, and post-exploitation.
  - Use available data (e.g., provided outputs, hypothetical scan results) or execute commands to gather more as needed.
  - Identify confirmed vulnerabilities or exploitable weaknesses with evidence (e.g., tool outputs, HTTP responses).
  - Avoid stopping at "nothing found"; if initial scans (e.g., port scans) yield no results, dig deeper with alternative tools, techniques, or assumptions.
  - Prioritize high-impact vulnerabilities (e.g., remote code execution, privilege escalation, data exposure, aut
```
http://www.oreilly.com/programming/free/files/microservices-for-java-developers.pdf
http://www.oreilly.com/programming/free/files/microservices-for-java-developers.epub
http://www.oreilly.com/programming/free/files/microservices-for-java-developers.mobi
http://www.oreilly.com/programming/free/files/modern-java-ee-design-patterns.pdf
http://www.oreilly.com/programming/free/files/modern-java-ee-design-patterns.epub
http://www.oreilly.com/programming/free/files/modern-java-ee-design-patterns.mobi
| Name | AD Attribute | Description |
|---|---|---|
| Display Name | displayName | The name shown when emails are sent from the group, and the name listed in the GAL |
| Alias | mailNickname | Used by Exchange to find any local object with an e-mail address |
| Primary Email address | proxyAddresses | Primary SMTP address of the group (the proxyAddresses entry prefixed with uppercase `SMTP:`; secondary addresses use lowercase `smtp:`, and the primary is mirrored in `mail`) |
| Notes | description | Field to help people understand why the group exists |
| Hide this group from address lists | msExchHideFromAddressLists | Should the group be visible from the GAL |
| Owners | managedBy | The users who manage the group |
| Members | member | Who receives emails that are sent to the group |
| Group Membership Permissions | msExchGroupJoinRestriction | Permissions on who and how people can join the group |